I'm building a REST API and one of my endpoints will be something like /api/foo/{id}/bars. I want to get all of the bars available that have a fooId matching the {id} I'm passing in to the API call. With each call I'm passing in a header with a hashed userId and authentication token. My original thought was to have a filter for each resource and after making sure the token matches the user, check that the requester has access to that foo, and thus can retrive those bars associated with it. However, I quickly realized that the servlet filter won't be able to access the path parameters. As of now, I see three options:
1.) Write a filter and do some hacky stuff within it to get the path param "Id" 2.) Pass in "{id}" within the header along with the userId and token 3.) Get the path param in the resource and pass it to a service to validate this
1 has the obvious issue of a changing base URI so I think it's a bad idea. 2 and 3 seem valid but I'm not sure what the best practice is.
